GoDaddy, one of the largest web hosting companies and domain registrars, has recently suffered a data breach that exposed approximately 1.2 million customers.
The web hosting company also revealed that the incident has impacted several Managed WordPress services resellers, including tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe.
Dan Rice, VP of Corporate Communications at GoDaddy, declared:
"A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident.
No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action."
How Did the Data Breach Happen?
GoDaddy noticed the data breach on November 17th after cybercriminals managed to obtain access to the web hosting giant’s Managed WordPress hosting environment.
According to BleepingComputer, threat actors have had access to the company’s systems and the data on the compromised networks since at least September 6, 2021.
We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.
Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.
The investigation is underway, according to GoDaddy, which began contacting all affected customers individually with detailed information. Clients can also use the company’s help center to get in touch with them.
GoDaddy customers were notified this week that attackers managed to obtain access to certain login details for administrative services, particularly customer numbers and email addresses associated with accounts, WordPress Admin login set at inception, and sFTP and database usernames and passwords.
What this means is the unauthorized party could have obtained the ability to access your Managed WordPress service and make changes to it, including to alter your website and the content stored on it.
GoDaddy Experienced Data Breaches Before
Last year, in May, the web hosting firm informed some of its clients that in October, an unauthorized party utilized their web hosting account login details to connect to their hosting account using SSH.
GoDaddy’s security team discovered the attack after noticing a changed SSH file in GoDaddy’s hosting environment and suspicious behavior on a subset of GoDaddy’s servers.
According to BleepingComputer, two years ago, scammers created 15,000 subdomains using hundreds of hijacked GoDaddy accounts, seeking to pose as popular websites and sending possible targets to spam pages promoting snake oil products.
How Can Heimdal™ Help You?
Data breaches are very common nowadays, and system vulnerabilities usually facilitate hackers' infiltration. That is why a system should always be kept updated and have the latest patches applied. But what do you do if you cannot always keep track of which patches need to be applied? You use an automated Patch Management Solution.
Heimdal™ has this solution, and it's very efficient because it really saves you time. You will always have control over your software inventory, enabling patch management from anywhere in the world. What's even cooler is the vendor-to-end-user waiting time: in less than 4 hours, the released patches, tested and repackaged, are available in your Heimdal cloud for deployment. Find more on our website!